Consent is changing
Arguably the biggest change in how data is kept, the GDPR has a large focus on subject consent. A company needs to make it fully clear when requesting data collection consent. Illegible terms and conditions full of inaccessible legalese is no longer allowed.
Data subjects have the right to obtain confirmation that their data is being processed, as well as the right to ask why. They can also request information on: with whom the data may be shared; the period of storage; the rights to erasure; the rights to complain to the Data Protection Agency; the source of the data and details of any automated processing.
Should a participant wish to withdraw their data, this action must be as straightforward as the action in which they provided it.